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Formal methods have not had the kind of impact we might have hoped. I suggest that the reason is 
economic: the cost/benefit ratio is unacceptable in many cases, and unproven in most. Hence, 
research should examine the question of reducing costs, in the form of labor and time. 


Automatic formal verification methods for finite-state systems, also known as model-checking, suc- 
cessfully reduce labor costs since they are mostly automatic. Model checkers explicitly or implicitly 
enumerate the reachable state space of a system, whose behavior is described implicitly, perhaps by 
a program or a collection of finite automata. Simple properties, such as mutual exclusion or 
absence of deadlock, can be checked by inspecting individual states. More complex properties, such 
as lack of starvation, require search for cycles in the state graph with particular properties. 

Specifications to be checked may consist of built-in properties, such as deadlock or “unspecified 
receptions” of messages, another program or implicit description, to be compared with a simulation, 
bisimulation, or language inclusion relation, or an assertion in one of several temporal logics. 
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There are many success stories of verification tools finding bugs in protocols or hardware control- 
lers. In some cases, these tools have been incorporated into design methodology. 


Research in finite-state verification has been advancing rapidly, and is showing no signs of slowing 
down. Recent results include probabilistic algorithms for verification, exploitation of symmetry and 
independent events, and the use symbolic representations for Boolean functions and systems of lin- 
ear inequalities. 


One of the most exciting areas for further research is the combination of model-checking with theo- 
rem-proving methods. I will briefly describe some initial forays into this area. 
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• a table of states already searched 
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All of these systems are currently in use in industry. * Methods supporting abstraction and refinement 


Model checking + theorem proving Model checking + theorem proving 
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